Access an entire team of security professionals for less than the cost of one. Our approach helps ensure that security and compliance measures are properly factored into your business and technology decisions while at the same time keeping your budget on track.

Using Root Cause Analysis After a Cybersecurity Incident

There were 1,579 breaches reported in the U.S. in 2017, according to the Identity Theft Resource Center (ITRC). This represented a 44.7 percent increase over incidents reported for 2016. Your enterprise might be next, so it’s important to learn about incident response, including a Root Cause Analysis.

The best defense for your business is prevention, but when an incident does occur, it’s important to use the opportunity to learn as much about it as possible. Applying the lessons learned through a Root Cause Analysis to harden your security posture will make it more difficult for attackers to victimize your business again.

Cyberattacks happen. Data breaches occur. It’s often what you do following a breach that sets your future course.

Using Root Cause Analysis to Get to the Bottom of the Problem

Trying to make good cybersecurity decisions without sufficient information is a recipe for failure. A vital tool for proper incident response is Root Cause Analysis. According to the National Institute of Standards and Technology, enterprises must not only understand individual vulnerabilities but what ultimately causes them:

Vulnerability identification can be accomplished at a per-individual weakness/deficiency level or at a root-cause level. When selecting between approaches, organizations consider whether the overall objective is identifying each specific instance or symptom of a problem or understanding the underlying root causes of problems. Understanding specific exploitable weaknesses or deficiencies is helpful when problems are first identified or when quick fixes are required. This specific understanding also provides organizations with necessary sources of information for eventually diagnosing potential root causes of problems, especially those problems that are systemic in nature.

Creating a Cause Map

When an event occurs, the organization should create a cause map to connect individual cause and effect relationships to reveal the root cause of the incident.

At a high level, the cause map helps to create a visual representation of the event by determining the following:

What happened

Why it happened

What to do to reduce the likelihood of it happening again

Of course, each of these steps requires careful and objective analysis performed by those with both subject matter expertise and background knowledge of the circumstances leading up to the incident.

Objectivity and Expertise is Key

The NIST defines Root Cause Analysis as: “a principle-based, systems approach for the identification of underlying causes associated with a particular set of risks.”

Because your own employees might not have the right skills or be too invested in the situation to objectively classify risks, it’s important to hire a neutral third party to investigate the causes behind a data breach or a cybersecurity incident.

Skilled incident responders can find the root cause of breaches and develop a remediation roadmap and implement future prevention efforts. Not taking the necessary steps to fully remediate lapses in information security will increase the chance that attackers can successfully target your enterprise again.